CVE-2013-1801
Published Apr 9, 2013
Last updated 12 years ago
Overview
- Description
- The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7AF77B3-AFA1-482E-970C-A18CA17AFA04",
"versionEndIncluding": "0.9.0"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "320429F1-6058-481A-91FA-229EA72541C8"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "892C247D-82BC-460B-8B22-DA28E7EE94D4"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D4C189F-BB30-489E-83D6-174B2E56933B"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4985DEFE-D57D-4240-803D-1925B8A3B28D"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53FCC484-454E-4092-AA45-41713302C874"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BAB48BB8-683E-4A28-BCDB-200D66DD6135"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DADF06F7-9CED-4B50-B3F4-192EA8B09673"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32E81542-5CCB-49C5-AEC1-6FE34F1D189D"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CA86AC3-A044-4D33-9AAA-4D3BCEB3D640"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C36EB25-0BD6-4AFF-80D8-595938CBDE59"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0E4E90DE-6D28-4D7F-95AA-A1829F6DAE3B"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7EBA09B-9667-4A69-90DC-A0C00A67B97C"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B6FABA0-145D-4F0F-9CB7-07BFFFE331EF"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F10CE4A6-65F3-4AAD-B186-A13FE4E2717D"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D247CCE-6628-4018-9F65-A09CAFF12B35"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C44A2D3-AE53-4E26-8881-EBD36636F9AA"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79959AF0-5A72-4B9A-9B1F-3BA4D1BA41A6"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "085FA28C-F7A7-46FC-934C-D4A4C35FF257"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8620D5B-0AB1-4BF8-89E5-9E81B8688B2F"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE27DD5F-1726-470F-B618-2BE880B175A8"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E30C2C76-1360-47F0-A136-C024FAD63915"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94F901F7-3589-4607-824F-4BACCDF150B8"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4016FBD-0BA2-48F5-9F67-4978A82F855F"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9B9244D-B840-408C-8517-223CAD71AD45"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9F61BA4-3916-480B-A5E6-0AF3E07E805B"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.4.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C0E9145-FE79-4A5B-82AF-04BB36167977"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.4.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84D7769A-41C8-46D0-B502-B1740DCF1E06"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B0FCA76-DB62-443A-851D-CDAF5F2A877B"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6153BC0E-4F33-4708-8DAB-84E330FC5D4D"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6C015D8-EEAC-48D0-B4A1-AC98BB44408B"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40850AE1-5320-4B09-A5D4-6F393FA87B3A"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBEAB380-095A-49AB-80D0-F1A71C0F5BC3"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE64350B-FE1E-43BF-AFA7-136D61243966"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E29674A-11AB-46B2-A67D-50AE296C91EC"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C237B5D0-3156-4A30-B224-ACBD60B8FAB2"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33762DC0-6E68-44BB-AAC1-33246A383B22"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0E1F3330-4F2A-4134-8D0E-BEE3D91D7397"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "611780A3-7F88-406F-BBFB-38900773E0DC"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F05FFFDC-1C20-46EA-BA63-0D002901B0BE"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0E5D68F-15A0-485D-98A1-1B2C178B2DCF"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B5F1C43-95C2-414F-833C-A9B611A0CF09"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F5456C9-EBD7-483A-8271-207FCD7B509B"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2D1D4C0-4908-4C6F-96D5-B2B982075121"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.8.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71FD7E41-F1B6-4C42-BF19-F3DAF61D9285"
},
{
"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.8.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FDE3D1AC-C201-4332-A8C7-EB27C8C3C2F3"
}
],
"operator": "OR"
}
]
}
]